Configuring SSL/TLS protocols with Brocade Virtual Traffic Manager

Secure Sockets Layer (SSL) and the more recent Transport Layer Security (TLS) protocols are the cornerstones of Internet security, providing a standard for authenticated transactions using secure key exchange and encryption. With support for TLS 1.2, Brocade vTM offers a wider range of protocols, including stronger ciphers for authentication, and allows clients to specify which hash and signature algorithms they will accept. Brocade vTM also gives full control over the selection of security settings per virtual server, per pool, or as a global setting, to suit a range of enterprise deployment options.

However, from time to time we update the list of protocols which are supported and enabled, to reflect recommendations from NIST and other agencies about which protocols are preferred for securing web applications. For example, in Brocade vTM 9.8, we changed the default settings so that SSL v2 and v3 needed to be explicitly enabled in order to be used, and in future versions, we will remove support for these older protocols completely.

In the latest version, Brocade Virtual Traffic Manager 10.4, SSL v2 is still available to applications but is deprecated: future releases of vTM will not include SSL v2 as an option. SSL v2 will remain supported within the 10.4 LTS (Long Term Support) program for customers that need to continue using it.

SSL/TLS protocol configuration

Brocade vTM allows security settings to be configured per virtual server, per pool, or with a single global setting, depending on how you need to configure your applications. As shown in the table below, SSL v2 and v3 are disabled by default, but each of the protocols can be enabled to suit the security profile you need. When a client opens a connection to your application, vTM negotiates the most secure protocol that is both supported by the client and enabled in vTM for that connection.

Security Protocol    Enabled by Default    Configurable in vTM 10.4
SSL v2               No                    Yes, Deprecated
SSL v3               No                    Yes
TLS 1.0              Yes                   Yes
TLS 1.1              Yes                   Yes
TLS 1.2              Yes                   Yes
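The selection behaviour described above (per-virtual-server settings overriding the global setting, then the strongest protocol common to client and server being chosen) can be modelled as follows. This is an added example, not Brocade code; the protocol names, the configuration dictionaries and the client offer sets are constructed here, with the defaults taken from the table above.

```python
"""Model of vTM-style SSL/TLS protocol selection (constructed example, not Brocade code)."""
from typing import Dict, List, Optional, Set

# Protocol versions from weakest to strongest, with the vTM 10.4 defaults from the table.
PROTOCOLS: List[str] = ["SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"]
VTM_10_4_DEFAULTS: Dict[str, bool] = {
    "SSLv2": False, "SSLv3": False, "TLSv1.0": True, "TLSv1.1": True, "TLSv1.2": True,
}
# Protocols the post says are disabled by default and (for SSLv2) deprecated.
LEGACY: Set[str] = {"SSLv2", "SSLv3"}


def effective_settings(global_cfg: Dict[str, bool],
                       override: Optional[Dict[str, bool]] = None) -> Dict[str, bool]:
    """Per-virtual-server (or per-pool) settings win over the global setting;
    any protocol not overridden inherits the global value."""
    merged = dict(global_cfg)
    if override:
        merged.update(override)
    return merged


def enabled_protocols(cfg: Dict[str, bool]) -> Set[str]:
    return {proto for proto, on in cfg.items() if on}


def negotiate(server_cfg: Dict[str, bool], client_offers: Set[str]) -> Optional[str]:
    """Return the strongest protocol both the client offers and the server has
    enabled, or None when there is no overlap (the handshake fails)."""
    common = enabled_protocols(server_cfg) & client_offers
    for proto in reversed(PROTOCOLS):  # strongest first
        if proto in common:
            return proto
    return None


def audit(cfg: Dict[str, bool]) -> List[str]:
    """List enabled protocols that the defaults would have left off, so that a
    per-server exception (e.g. SSLv3 re-enabled for one legacy client) is visible."""
    return sorted(enabled_protocols(cfg) & LEGACY)


if __name__ == "__main__":
    legacy_vs = effective_settings(VTM_10_4_DEFAULTS, {"SSLv3": True})
    print(negotiate(VTM_10_4_DEFAULTS, {"TLSv1.0", "TLSv1.1", "TLSv1.2"}))  # TLSv1.2
    print(negotiate(VTM_10_4_DEFAULTS, {"SSLv3"}))                          # None
    print(negotiate(legacy_vs, {"SSLv3", "TLSv1.0"}))                       # TLSv1.0
    print(audit(legacy_vs))                                                 # ['SSLv3']
```

With the 10.4 defaults an SSLv3-only client is refused outright, while a virtual server that re-enables SSLv3 still prefers TLS 1.0 for a client that offers both, which is what the audit is there to make visible.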

TLS 1.2 advantages

At the time of writing (March 2016) TLS 1.2 is the recommended security protocol for web applications, and the TLS 1.3 specification is being finalised. TLS 1.2 includes a range of improvements over the previous version, including performance enhancements using the latest AES-GCM ciphers. Be sure to check with your own local security teams as to the recommended security protocols and ciphers for your applications.
